First allow your DNS server to reach out, then block all!!! Or use a destination NAT rule to redirect to a server of your choice.
First allow your DNS server to reach out, then block all!!! Or use a destination NAT rule to redirect to a server of your choice.